Section 1 — Definitions, Scope & Legal Framework
1.1 Definitions
For the purposes of this policy, the following terms shall have the meanings below unless context requires otherwise:
Company: The entity that owns and operates the Platform, registered in the United Arab Emirates, including its legal successors, assignees, and authorized service providers.
Platform: The website and/or application and/or any digital interface owned or operated by the Company, including related systems, software, cloud infrastructure, APIs, and updates.
User: Any natural or legal person who accesses the Platform, creates an account, or uses the services, whether as an individual user or as an authorized representative of a commercial entity.
Personal Data: Any information relating to an identified or identifiable natural person, directly or indirectly, including identity data, contact data, usage data, and technical data.
User Data: Any data, content, or inputs that the user enters, uploads, or transmits through the Platform, which may include personal data relating to the user or their clients.
Processing: Any operation performed on personal data, such as collection, recording, organization, storage, modification, retrieval, use, disclosure, transfer, deletion, or destruction.
Third-Party Service Providers: Entities relied upon by the Company to provide or support the services (e.g., cloud hosting, payment, analytics, security, email, AI models), which are not direct contractual parties with the user except under their own policies.
1.2 Scope of Application
This policy applies to all personal data processed through:
Use of the Platform and services
Creation of accounts and subscriptions
Communication with the Company or technical support
This policy applies to:
Individual users and corporate users
All current and future services
Any processing carried out inside or outside the United Arab Emirates, provided the Company acts as a data controller or processor
1.3 Legal Framework & Compliance
This policy was prepared in compliance with:
The UAE Personal Data Protection Law (UAE PDPL — Federal Decree-Law No. 45 of 2021)
Its executive regulations and the decisions issued thereunder
Relevant federal laws on electronic transactions and trust services
When the Platform is accessed from outside the UAE, the user acknowledges that the primary legal reference for data processing is UAE law, and that differences in local laws do not create additional obligations for the Company unless expressly stated.
1.4 Role of the Company (Controller / Processor)
Depending on the nature of the service, the Company acts as:
Data Controller with respect to users' direct personal data
Data Processor with respect to data entered by corporate users about their clients
The Company undertakes to process data in accordance with the user's instructions and in a manner that ensures legal compliance and protection of rights and freedoms.
Section 2 — Types of Data We Collect & Their Sources
2.1 Data Collected Directly from the User
The Company collects and processes the following data when a user creates an account, uses the Platform, or communicates with the Company:
Basic Identification Data: name, email address, phone number, company name, job title
Account and Subscription Data: username, account settings, plan type, subscription date, account status
Payment and Billing Data: payment status, currency, country, invoices (full payment card data is not stored; it is processed through approved payment providers)
Communication and Support Data: correspondence, support requests, complaints, and feedback
2.2 Data Collected Automatically
When using the Platform, technical and operational data may be collected automatically, including:
Usage Data: pages accessed, features used, session durations, activity logs
Technical Data: IP address, browser type, operating system, device identifiers, language settings
Log and Security Data: login records, unauthorized access attempts, error logs
2.3 Data Provided by Corporate Users (B2B)
When the Platform is used by companies or organizations, user data may include personal data relating to employees, clients, or third parties. Corporate users acknowledge that they:
Have the legal basis to collect such data
Are legally authorized to process it through the Platform
Are responsible for notifying data subjects and for their own privacy policies
2.4 AI and Analytics Data
Data entered or generated through AI tools may include textual inputs, analytical or predictive outputs. Such data is used to provide the requested service, improve model performance, and ensure security and compliance. This data is not used to identify natural persons unless necessary to provide the service.
Section 3 — Purposes of Processing & Legal Basis
3.1 Purposes of Personal Data Processing
Service Provision and Operation: enable access to the Platform, create accounts, manage subscriptions, and operate technical featuresAccount and Contractual Relationship Management: verify identity, manage permissions, enforce Terms of ServiceTechnical Support and Customer Service: respond to support requests, handle complaints, resolve technical issuesBilling and Collection: issue invoices, collect fees, manage payments, handle financial disputesPerformance Improvement and Service Development: analyze usage, improve interface, develop new featuresSecurity and Fraud Prevention: monitor suspicious activities, protect the Platform and usersLegal and Regulatory Compliance: fulfill legal obligations, respond to competent authorities, retain legally required records
3.2 Legal Basis for Processing
Contract Performance: when processing is necessary to fulfill the contractual relationshipExplicit Consent: when the user provides prior, explicit consent for specific purposesLegal Obligation: when processing is necessary to comply with applicable lawsLegitimate Interest: when necessary to achieve a legitimate interest without conflicting with users' rightsProtection of Vital Interests: in exceptional cases to protect vital interests
3.3 Data Minimization & Purpose Limitation
The Company adheres to the principle of data minimization — data is collected and processed only to the extent necessary, for specific and legitimate purposes, and without being used for incompatible purposes. Data shall not be further processed for a new purpose unless compatible with the original, or based on a separate legal basis, or with explicit new consent.
Section 4 — Data Sharing & Disclosure
The Company commits not to share, sell, or rent users' personal data to any third party, except to the extent necessary to provide the services or comply with legal obligations.
4.1 Sharing with Third-Party Service Providers
The Company may share personal data with trusted third-party providers to the extent necessary, such as:
Cloud hosting and infrastructure providers
Payment and billing service providers
Technical support service providers
Security and analytics service providers
Providers of AI models and tools
The Company ensures service providers are bound by contractual obligations to protect data, use it only per the Company's instructions, and implement appropriate security measures.
4.2 Disclosure for Legal or Regulatory Reasons
The Company may disclose personal data without consent if required to comply with a legal obligation, in response to a court order, or necessary to protect the rights of the Company, users, or others. Such disclosure is carried out to the narrowest extent possible and in compliance with applicable laws.
4.3 Corporate Users (B2B)
When the Platform is used by companies, data relating to their clients or employees may be processed. The Company acts as a data processor under the corporate user's instructions. The responsibility for notifying data subjects and obtaining necessary consents lies with the corporate user.
4.4 Mergers or Acquisitions
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity, provided the same level of data protection continues to apply and users are notified where legally required.
Section 5 — Data Retention & Security
The Company retains personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, or enforce agreements.
The Company implements appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption, access controls, and regular security assessments.
Upon expiration or termination of the subscription, user data may be retained for a limited grace period as operationally determined, after which it is deleted or anonymized in accordance with applicable law.
Section 6 — User Rights
Subject to applicable law, users have the right to:
Access: request a copy of the personal data the Company holds about them
Rectification: request correction of inaccurate or incomplete personal data
Erasure: request deletion of personal data in certain circumstances
Restriction: request that the Company limits the processing of personal data
Objection: object to the processing of personal data based on legitimate interest
Data Portability: receive personal data in a structured, commonly used format
Withdrawal of Consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at [email protected]. The Company will respond within a reasonable timeframe as required by applicable law.
Section 7 — Cookies & Tracking Technologies
The Company uses cookies and similar tracking technologies to operate and improve the Platform. Please refer to the Cookies Policy for full details on the types of cookies used, their purposes, and how users can manage their preferences.
Section 8 — Policy Updates
The Company reserves the right to amend this policy in accordance with applicable laws. Users will be notified of material changes in an appropriate manner. Continued use of the Platform after the effective date of any update constitutes acceptance of the updated policy.
For questions about this policy, contact us at: [email protected]